Hi Team,
We have defined the index retention as 420 days, but when we try to access the logs, they are in .csv format, not in event-value format.
PFA the index details, and below is the indexes.conf configuration of that index.
[rt_efb]
# 250MB a day / 35 days in warm / 460 days retention / 8 GB max index size
homePath = volume:hot/rt_efb/db
coldPath = volume:cold/rt_efb/colddb
thawedPath = $SPLUNK_DB/rt_efb/thaweddb
#set to 5 days, +- 5days padding
maxHotSpanSecs = 432000
#set to 2 hot buckets
maxHotBuckets = 2
homePath.maxDataSizeMB = 2500
coldPath.maxDataSizeMB = 5500
frozenTimePeriodInSecs = 39744000
maxTotalDataSizeMB = 26000
Can you please advise us on this?
Regards,
Anil